General
Target: 24e7acb706dffb37b3e682424719f5ab.bin
Size: 1.2MB
Sample: 240422-bhh3tsdd44
MD5: 881ec1737c2e73fdaf6eccf181e8be7b
SHA1: cc1a2d5bfaba9859a350f7dbe6849763468ff579
SHA256: 285e04c2bb8bd46ab0ba229bb888f386c8fba38be6ab038e8f80929ff207206a
SHA512: eb289fc238d2539cbd11bb511a1a1e51b0c3d24160dd4c1ecdf84976a62aa16341cb4b28ce8709f439ed2db49fec24a8c7fe4ca43a128f2f035aac6098cead0e
SSDEEP: 24576:XVDZ13c69hQJHFsPbwToAJB0P9sHujykKnv/muRz/fMa9RN8idM2ZS9:FlJ9hAHFYsr0P9WGyk6vxffIfYS9
Behavioral task: behavioral1
Sample: 0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d.exe
Resource: win7-20240215-en
Malware Config
Extracted
quasar
1.4.1
Office04
Kneegrowless-33547.portmap.host:33547
10674f25-f575-4b14-92cf-06a7073df875
encryption_key: E5427EE2BE27EB8DFAE76384CABC8A5EBB33EB00
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d.exe
Size: 3.1MB
MD5: 24e7acb706dffb37b3e682424719f5ab
SHA1: 5d4864f3acb3076ee4005990114a4a1f2520d456
SHA256: 0972bb0ba1caff7adc92bb35f645b5e0d825fa74fb1b76ff822dce8c200ab30d
SHA512: 3d4b62d8a2c725f288277a0021c5dc46600e71b20fcdc660fdb00e0d37ff0a0114b7571d331fd85f989da74ef2dbf57add61b90085ff94cf53f5d07fea215c50
SSDEEP: 49152:HvilL26AaNeWgPhlmVqvMQ7XSKE6kjn+DixoGgBoTHHB72eh2NT:HvaL26AaNeWgPhlmVqkQ7XSKExn+DS
Quasar payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.